Welcome to RiskbOWl – the first closed community of Risk professionals to share ideas and best practices

Through RiskbOWl, you will be able to anonymously ask questions, share perspectives, run targeted polls, discuss recent regulatory developments and so much more.

We are already live with the pilot, and can’t wait for you to contribute as well. But before you do, two things:

1. Security
The only way this community will work is if we keep the environment highly secure and therefore we have integrated the login with our Oliver Wyman Single-Sign-On infrastructure that we use for all client work where the information being shared is sensitive.

By now you should have received an e-mail from our IT services on how to set up your User ID on the OW Digital workbench. These are your RiskbOWl User ID and password.

For any questions regarding your account set up please e-mail: riskbowl@oliverwyman.com

2. Community rules
Remember to maintain anonymity at all times and :

i. Limit your discussion to details of methodologies (e.g. formulae or equivalent), including the relative merits of different methodologies for capital adequacy best practice.

ii. Never disclose or otherwise discuss actual input or output values used by them in respect of any methodologies.

iii. Never engage in discussion of information that relates to your institution or other’s commercial positioning or strategy.

iv. Adhere strictly to the letter and spirit of competition and antitrust laws - RiskbOWl is a space for knowledge exchange, not collusion.

We will be pre-screening all messages to start with, but depend on our community to be the first line of defense

And lastly, remember this is a pilot: we are still fixing some bits and bobs, so bear with us with any hiccups while we make RiskbOWl the best it can be!

Thank you for being part of this community. We think and hope it will transform how we share knowledge in the risk world in a timely fashion.

The RiskbOWl team

Conversations with our clients reveal the imperative of realizing the benefits from the promise of digitally transforming credit decisioning and lending journeys, driven by the need to control bank costs and retain customer loyalty in the face of competition from more nimble, digitally-native banks

To better understand current trajectories in the lending transformation space, Oliver Wyman conducted a survey of banks across several markets, looking at the overarching burning platform, budgets, barriers to transformation, data, analytics, underlying technology, customer management, and organisational setup. In summary, our high-level, selected findings indicate

Lending transformation is a high priority topic, with participants sequencing Retail and SME first in their lending transformation programs Respondents see the traditional incumbent breakthrough as the biggest competitive threat over the new fintech challenger looming on the horizon Decisioning time, revenue growth and cost reduction cited as top 3 benefits, whilst expected uplift is highest for customer experience Budget for lending allocation is approached on program level or on individual level, with very few respondents approaching it as a strategic objective Most budget is spent on customer journeys, internal workflows and underlying IT infrastructure rather than analytics capabilities

Lending transformation survey infographic.png

Reach out for more insight, but we’d be keen to hear from the RiskbOWl community how this stacks up against your lending transformation program – post your thoughts below !

Greg Wiltshire is a Director in Oliver Wyman's Risk Delivery Team. Greg brings over 15 years of risk modelling and analytics experience, specialising in risk and technology transformations.

Matias Coggiola is a Manager at Oliver Wyman and specialises in Credit Risk modelling methodology and regulatory compliance. He curates the monthly Risky Business series.

In recent years, UK banks have increasingly found themselves allocating a significant portion of their risk budgets to Internal Ratings-Based (IRB) remediation programmes. This trend underscores a pervasive underestimation of the challenges involved in building and operating effective IRB models. As we look ahead, it is clear that a more effective approach is not only possible but essential for navigating the upcoming waves of regulatory scrutiny and operational demands

Our experience - as well as regulatory feedback - shows that robust governance and senior ownership is important, reflected in committee membership and a culture of review and challenge of key judgments

One critical issue is the composition of the teams tasked with model development. While these teams often possess substantial IRB expertise, they frequently lack robust coding skills. Although banks have established enablement and engineering teams to bridge this gap, the collaboration between these groups is often not fully functional. As a result, much of the code remains monolithic and SAS-based, which complicates quick implementation and increases the likelihood of errors. This disconnect highlights the need for a more integrated approach that combines modelling acumen with technical proficiency to enhance the efficiency and accuracy of IRB model development

To address these pain points effectively, we recommend three key strategies. First, creating mixed teams of modellers and experienced coders can significantly enhance the development process. By integrating technical expertise with modelling knowledge, banks can improve workflow efficiencies. This collaborative approach not only streamlines the development timeline but also ensures that the initial code is closer to a deployable state. We have also found firms benefit from code sharing through platforms like GitHub, and establishing rigorous code review processes. Code libraries and ‘scaffolding’ (re-usable code structures) also make model development more controlled, repeatable and efficient.

Second, when using external support, implementing risk-sharing arrangements for delivery can lead to more successful and cost-effective outcomes. By fixing delivery costs while also aligning incentives for successful model results, banks can attract the right level of seniority and mix of resources necessary for effective model development. This shift in focus can help mitigate the risks associated with failed deliveries, ultimately leading to better resource allocation

Lastly, fostering greater involvement of internal stakeholders throughout the model development phase is crucial. By explicitly engaging these stakeholders and focusing on their understanding of risk management practices and the operational environment, banks can ensure that modelled approaches are more closely aligned with business needs. Additionally, enhancing the education of business units about IRB processes can facilitate stronger collaboration and reduce tensions between modelling teams and business units, ultimately improving the overall effectiveness of IRB models

In conclusion, while the journey towards effective IRB remediation is challenging, there is a clear path forward. By addressing the pain points head-on and adopting a more integrated and collaborative approach, UK banks can not only ease the current IRB pain but also develop sustainable modelling capabilities going forward. If you would like to get more information on how we organise our teams in our risk-sharing agreements on IRB delivery, feel free to reach out

This post was authored by Cem Dedeaga, a partner in our Finance and Risk Practice, based in the London office, specialising in prudential credit risk topics. With extensive experience across a diverse range of financial institutions, Cem leads large-scale prudential credit analytics delivery (IRB, IFRS 9) in the UK and Europe. His expertise encompasses the delivery of comprehensive credit risk models and frameworks, helping banks improve compliance with regulatory standards

After a decade of negative or zero interest rates, European economies entered a rising rate cycle in 2022. Now, as markets anticipate the beginning of an easing cycle, deposit betas are expected to catch up. The question is, are banks prepared to compete for deposits in this environment, which is unfamiliar to a whole generation of bankers?

In 2024, a systematic approach to deposit management is not only a critical value driver but also a necessary defensive tool. By leveraging smart deposit management techniques, anchored on advanced analytics and operational capabilities, banks can optimise their deposit costs significantly.

What actions have you taken? Where can the community help you?

I would also like to learn more about this

@OP

In my experience, it typically depends on the bank's approach to the override:

Pre-calibration would typically be included if they are trying to include is as an statistical predictor of risk: i.e. you have some historical information that help you calibrate the specific weight and you only include the override if it increases the predictive ability of the model

Post-calibration if they want it to be a “penalization” mechanism for management (however this will not be fully compliant with EBA calibration guidelines for the use of overrides in IRB models)

In the context of the 2025 EBA Stress Testing exercise we’ve convened our sixth EBA Stress Test industry roundtable, involving representatives from 25 of the largest European banking institutions across ten countries.

While each bank is looking to approach the stress testing exercise from its own unique perspective, we’ve found that two common trends seemed to emerge:

Banks expect the anticipated depletion of the Common Equity Tier 1 (CET1) ratio under adverse scenarios to align closely with the outcomes seen in 2023.

Banks see the operational complexity of the exercise as their main challenge. Participants were concerned about potential CRR3 re-statements (particularly the difficulty in accurately projecting a CRR3 Fully Loaded framework that incorporates all CRR3 phase-ins expected by 2032) as well as the need for top-down calculations to estimate CRR3 compliant RWAs, which could complicate reconciliation efforts and impact result accuracy.

Other concerns raised by participants included the new timeline and significant changes to Quality Assurance processes - especially regarding potential on-site visits and inspections by the European Central Bank (ECB) - and the unpredictability of the new Net Interest Income (NII) platform and Quality Assurance machinery, which banks believe leaves them with less control over projections and adds to the uncertainty of the exercise.

Overall, it was insightful to see how given the inherent complexity of the exercise participants agreed on the need for thorough upfront preparation and a robust end-to-end stress testing infrastructure as conditions to success. What are the main concerns at your organisation? How do you feel your competitors will react to EBA’s requirements for this year’s stress testing?

Graphics: How Oliver Wyman supports Financial Institutions carry out stress testing:
cc0303ff-d517-49f9-b22c-e6d2071f1964-image.png

Lots of good answers here.

One tough learning from implementing this at scale is that unlike traditional ML, automated tests can only capture a small fraction of what can go wrong with GenAI. While the automated validation is necessary, it is not sufficient.

We have typically needed to also develop large manual testing protocols for releases, where humans (either developers or a set of test users), attempts a mixed of predefined and new prompts, and judge the quality of the answers. Often we will uncover “issues” that are very subjective, such as the answers technically being correct but pulling from different files that we wished, or answers being less/more detailed than the average user prefers, or an entirely new file format having issues (hence not covered by tests yet), or a million other things!

For one of our recent clients, we ran “hackathons” along with releases where both new and power users would try various prompts and score the output. It was incredibly helpful to identify things the tests had failed to see

Hi RisbOWl community.

I have been thinking lately about the dynamics of the working relationship with 2nd and 3 LOD from a 1LoD perspective.

While there is much talk about these dynamics from a high-level, ERM or governance perspective, those of us who are in involved more on the day to day interactions need to make sure we 'walk the talk'.

While clear, continued communication is key, I have found the use of shared resources (such as evidence repositories, plans, collaborative query logs, etc) have really made a difference in the relationship we have built with our validators in the second line of defence.

What does the community think about common techniques for increasing cross-line of defence productivity.

Thank you in advance.

Very good questions. I’ve come across this as well on operational resilience and
cyber, where the challenges are similar

Some thoughts on this (also with the ex-regulator hat on):

Management bodies should acknowledge the challenge and be thoughtful around
how to address this, e.g. through training; reporting; succession planning
etc. We recently heard from a regulator that they were worried that sometimes
these topics are ‘outsourced’ to one person on the exec/ Board who
understands it, whereas they are looking for broader skills and knowledge in
the group. Again I think this is important to acknowledge, including the fact
that building those muscles take time In terms of ‘evidencing’ appropriate oversight and challenge by the Board,
when supervisors look at meeting minutes they would expect to see critical
questions being asked and a level of discussion (rather than the Board just
‘noting’ things) The quality of the materials and reports being presented to the Board is very
important, both data, but also someone bringing out the ‘so what’ and in
particular where there are areas of judgement and uncertainty, and where
there are trade-offs